Tuesday, 3 December 2013

Following the data
breach which occurred at Loyaltybuild in October resulting in the breach of
personal data of some 1.5 million individuals (including 376,000 individuals
whose full credit card data was compromised), the investigation of the ODPC has
been continuing.

The ODPC received
a full client company list from Loyaltybuild in respect of those client
companies whose customer data was exposed during the data breach. The ODPC
immediately instructed Loyaltybuild to notify these client companies of the
breach of their customer’s data and received confirmation from Loyaltybuild
that this has taken place.

The ODPC also made
contact with the client companies of Loyaltybuild based in this jurisdiction
and instructed them to inform their customers of the breach of their data in
accordance with our data security breach code of practice. The focus of our
investigation to date has been uncovering the extent and nature of the personal
data involved in the breach and ensuring that affected individuals have been
duly notified. It is our understanding that this notification process is
nearing completion.

Given the
transborder nature of this data breach, the ODPC has taken the important
measure of notifying relevant European colleague data protection authorities
providing them with relevant information for any follow up action they may need
to take.

The ODPC
investigation is continuing with the focus now on security practices and
procedures employed by the company. Part of this phase of the investigation
will also involve the carrying out of a follow up inspection. The company has
ceased its processing of personal data until such time as it can satisfy this
Office that adequate security measures are in place.